Get Your Filthy Hands Off My Kernel

It was a game I had been looking forward to playing for quite some time.

When my review copy arrived, I was thrilled, simply thrilled. I felt like a
kid on Christmas morning. That evening, I perused the manual as I installed
the game on my PC, ready to be transported into an exciting new world.

And then, as the install process finished, a window popped up informing me
that the “StarForce” copy protection software/malware had been installed, and
that I should reboot to complete the installation process.

How quickly a tranquil Christmas can turn into horrifying Halloween.

“StarForce,” for those of you not in the know, is a set of programs designed to interfere
with the proper operation of your Windows PC. The stated goal is to prevent
copying, but given that the company that makes it is based in Russia, I think
we can safely assume that their real motivation is simply they hate freedom,
and want to destroy us and contaminate our precious bodily fluids.

The truly pernicious thing about StarForce is that it is installed with kernel
privileges, thus allowing it to do more damage than your average program. And
it’s not as if it’s a shim program that runs only when you’re running the
game: it’s a device driver that is in operation all the time. Now, whenever
people criticize StarForce, their PR team shows up talking about how it
doesn’t decrease the reliability of systems it is installed on, how it is rock
solid, and so on. This is a lie. Allow me to explain how this sort of thing
actually works, drawing on my many years as a software developer.

1. Every program that has ever been written since the beginning of time is a
buggy pile of garbage.

2. All modern operating systems run most programs in user mode, not kernel
mode. This means that the lousy programs you run can, generally, only hurt
themselves.

3. When you run a program with kernel or administrator privileges, it can now
screw up the other processes on your machine.

4. And not only can it do so, it will do so, because it, like every program
ever written, is a buggy pile of garbage.

Now that the StarForce infection was on my system, I had two serious problems.
First, I needed to remove the malware. I’ll explain how I did that, below.
Second, I needed to decide whether to pan the game because it installed a
virus on my system.

Occasionally, I read a hand-wringing article on Gamasutra or elsewhere,
lamenting that PC gaming is dying, and wondering why. Allow me to explain why:
I am reasonably confident that any random crack written by a Ukrainian hacker,
downloaded from gamecopyworld.com, is less likely to sabotage my computer than
simply installing a game off a store-bought CD or DVD. I’m no marketing expert,
but I think that this just might be part of the problem.

“But wait!” I hear the game publishers whine. “Game consoles have copy
protection, too! Why aren’t you criticizing them for it?”

That’s a good question. There are two good answers. First, disc-based copy
protection on a PC shrinks the market for your game substantially. Second, I
use my PC for work. If your stupid game interferes with my work, I will rip
your arm from its socket and beat you with the bloody stump until you die.

Let me explain what I mean by “shrinking the market.” As compared to a game
console, a PC has precious few advantages. PCs are heavier, more complex, and
more expensive than game consoles. The one advantage PCs have is that many of
us lug around laptops with us so we can do our work. When I get on a plane, I
have to remember a lot of stuff. I have to remember my wallet, my keys, my
passport, my laptop, my hotel reservation, and so on. If you think I’m also
going to remember to lug around a case of CDs or DVDs so that I can play your
game, which probably isn’t all that good anyway, you are sadly mistaken. Game
publishers (and, of course, StarForce) are fond of claiming that crack sites
like gamecopyworld are intended to help people “steal games”. I’m sure that
some of this goes on. That being said, most of the people I know who use those
sites use them so that they can play their legally acquired edition of your
stupid game on their laptop without having to travel with their entire library
of discs.

In other words, those of you in the PC gaming industry who promote disc-based
copy protection schemes are trying as hard as you can to sabotage what may be
the only advantage your platform has. This is so moronic that it practically
defies comprehension. This, of course, is in addition to the fact that all of
the disc-based copy protection schemes make your buggy, crashy programs even
more fragile and less reliable. In our group of Neverwinter Nights players,
for example, all of us at one point or another installed cracked binaries
because it was the best way to make the product not fail so much.

The second reason copy protection is acceptable on consoles, but not on PCs,
is equally simple: I use my PC to get work done. If a braindead copy
protection scheme goes horribly wrong on my Xbox, the only harm done is that I
can’t play a game. If your kernel-privileged copy protection scheme is
installed on my PC, you are threatening my livelihood.

Recently, I uninstalled a program – Etherlords II – from my system, and also
removed the StarForce drivers that it left behind. I then rebooted, and one of
my disks was trashed, and lost gigabytes of data (most of it backed up,
thankfully).

Maybe it was just a strange coincidence. Certainly, it’s not enough evidence
to go around saying “StarForce trashes hard drives!” But whether or not it’s
rational, I absolutely believe on a personal level that StarForce is to
blame.

My kernel is not a toy for you to screw around with. Keep your hands off. And
game developers, stop wondering why no one buys PC games anymore. We don’t buy
them anymore because you keep fucking us over.

Here’s a thought: spend less time and money deploying software intended to
keep people from stealing a product that isn’t worth stealing, and spend that
time and money figuring out how to leverage the advantages of the platform
you’re using, rather than trying to cripple and defeat them.

And, of course, the funniest thing – I don’t mean “funny ha-ha” but “funny
pathetic” – is that StarForce doesn’t actually work. Anyone who is actually
motivated to pirate a given game will be put off for no more than five
minutes. The main effects of StarForce (and similar schemes) as copy
protection are twofold: they cost developers money, and they frustrate and
punish the legitimate consumers of the product.

What To Do?

None of this discussion, however, helps me answer the question of whether I
should pan the game that installed the malware on my system. It is however
engaged, in a roundabout way, with my other favorite question: “Why are video
game reviews so uniformly terrible?” Returning to Neverwinter Nights as an
example, I’d say about 1 out of every 4 people I knew had difficulties with
it, early on, as a result of its Safedisc copy protection.

I cannot recall reading a single review that talked about this. Plenty of
discussion about it on internet forums, plenty of discussion among my friends
(particularly my laptop-using friends), but in commercial game reviews? Not a
word.

So: either game reviewers are shining, magical beings made of pure light
whose Quantum Luck Field prevents them from encountering problems such as
these, or they simply don’t think this matter is worthy of discussion.
Whatever the case, it is clear that these game reviewers live in a different
world from the rest of us.

So, here’s my promise to you. I’m not going to automatically pan a game just
because it uses StarForce. But from now on, every Tea Leaves review is going
to at least mention the copy protection scheme used by a given game. If I had
trouble with the game because of the copy protection, I’ll mention that, too.
I hope other reviewers will do the same. And if game publishers don’t want to
be criticized for using copy protection schemes that degrade the quality of
their product, then I guess they’ll have to make their choices a little more
intelligently.

If you lay down with dogs, don’t be surprised when people notice that you have
fleas.

How To Remove StarForce

Here’s how to remove StarForce 2 from your system, assuming you haven’t
rebooted after it has been installed. Fire up a command shell and remove these
files:

%SystemRoot%\system32\drivers\sfsync03.sys
%SystemRoot%\system32\drivers\sfhlp02.sys
%SystemRoot%\system32\drivers\sfdrv01.sys

Next, remove these registry keys using regedit:

HKLM\System\CurrentControlSet\Services\sfsync03
HKLM\System\CurrentControlSet\Services\sfhlp02
HKLM\System\CurrentControlSet\Services\sfdrv01

Lastly, google for a “crack” for your game so that you can run it without
having it try to reinstall StarForce on you.

If you rebooted before doing these things, then the malware will have
installed some device drivers that are a bit stickier to remove. You’ll need
to do some more work to get rid of those, but that tutorial is beyond the
scope of this article.
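
The file and registry steps above as a PowerShell script, added here as an example and not part of the original article: it reports which of the three named driver files and service keys exist and deletes them only when run elevated with `-Remove`. The `-Remove` switch, the report layout, and the use of `Win32_SystemDriver` to spot a driver that is already loaded (the rebooted case, which this script skips) are assumptions of this example.

```powershell
# Added example: audit, and optionally remove, the StarForce 2 artifacts named above.
# Only the three driver names and their paths come from the article.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove   # assumption of this example: report-only unless -Remove is given
)

$drivers    = 'sfsync03', 'sfhlp02', 'sfdrv01'
$startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

$report = foreach ($name in $drivers) {
    $file = Join-Path $env:SystemRoot "system32\drivers\$name.sys"
    $key  = "HKLM:\System\CurrentControlSet\Services\$name"
    $svc  = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    # A running driver means the machine was rebooted after the install.
    $running = Get-CimInstance Win32_SystemDriver `
        -Filter "Name='$name' AND State='Running'" -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Driver      = $name
        FilePresent = Test-Path -LiteralPath $file
        KeyPresent  = Test-Path -LiteralPath $key
        Loaded      = [bool]$running
        StartType   = if ($svc -and $null -ne $svc.Start) { $startTypes[[int]$svc.Start] } else { $null }
        File        = $file
        Key         = $key
    }
}
$report | Format-Table Driver, FilePresent, KeyPresent, Loaded, StartType -AutoSize

if ($Remove) {
    foreach ($item in $report) {
        if ($item.Loaded) {
            # The article's procedure only covers the not-yet-rebooted case.
            Write-Warning "$($item.Driver) is loaded; skipping."
            continue
        }
        # Same order as the article: driver file first, then the service key.
        if ($item.FilePresent -and $PSCmdlet.ShouldProcess($item.File, 'Delete driver file')) {
            Remove-Item -LiteralPath $item.File
        }
        if ($item.KeyPresent -and $PSCmdlet.ShouldProcess($item.Key, 'Remove service key')) {
            Remove-Item -LiteralPath $item.Key -Recurse
        }
    }
}
```

Running it with `-Remove -WhatIf` prints what would be deleted without touching anything.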